diff --git a/include/my_secure.h b/include/ma_secure.h similarity index 95% rename from include/my_secure.h rename to include/ma_secure.h index 74133841..46679376 100644 --- a/include/my_secure.h +++ b/include/ma_secure.h @@ -19,8 +19,8 @@ Part of this code includes code from the PHP project which is freely available from http://www.php.net *************************************************************************************/ -#ifndef _my_secure_h_ -#define _my_secure_h_ +#ifndef _ma_secure_h_ +#define _ma_secure_h_ #ifdef HAVE_OPENSSL #include @@ -40,4 +40,4 @@ int my_ssl_start(MYSQL *mysql); void my_ssl_end(); #endif /* HAVE_OPENSSL */ -#endif /* _my_secure_h_ */ +#endif /* _ma_secure_h_ */ diff --git a/libmariadb/CMakeLists.txt b/libmariadb/CMakeLists.txt index 0f00e065..728120eb 100644 --- a/libmariadb/CMakeLists.txt +++ b/libmariadb/CMakeLists.txt @@ -94,7 +94,7 @@ my_loaddata.c my_stmt_codec.c client_plugin.c my_auth.c -my_secure.c +ma_secure.c libmariadb_exports.def ) diff --git a/libmariadb/errmsg.c b/libmariadb/errmsg.c index eac53bf5..b0eb72b2 100644 --- a/libmariadb/errmsg.c +++ b/libmariadb/errmsg.c @@ -106,7 +106,7 @@ const char *client_errors[]= /* 2023 */ "", /* 2024 */ "", /* 2025 */ "", -/* 2026 */ "SSL connection error", +/* 2026 */ "SSL connection error: %100s", /* 2027 */ "received malformed packet", /* 2028 */ "", /* 2029 */ "", diff --git a/libmariadb/libmariadb.c b/libmariadb/libmariadb.c index 7d080766..a03f5307 100644 --- a/libmariadb/libmariadb.c +++ b/libmariadb/libmariadb.c @@ -61,7 +61,7 @@ #include #include #ifdef HAVE_OPENSSL -#include +#include #endif static my_bool mysql_client_init=0; diff --git a/libmariadb/my_secure.c b/libmariadb/ma_secure.c similarity index 86% rename from libmariadb/my_secure.c rename to libmariadb/ma_secure.c index 90caf1a6..72afe578 100644 --- a/libmariadb/my_secure.c +++ b/libmariadb/ma_secure.c @@ -21,7 +21,7 @@ #include #include -#include +#include #include #include @@ -53,11 +53,13 @@ static void my_SSL_error(MYSQL *mysql) } if ((ssl_error_reason= ERR_reason_error_string(ssl_errno))) { - my_set_error(mysql, CR_SSL_CONNECTION_ERROR, SQLSTATE_UNKNOWN, ssl_error_reason); + my_set_error(mysql, CR_SSL_CONNECTION_ERROR, SQLSTATE_UNKNOWN, + ER(CR_SSL_CONNECTION_ERROR), ssl_error_reason); DBUG_VOID_RETURN; } my_snprintf(ssl_error, MAX_SSL_ERR_LEN, "SSL errno=%lu", ssl_errno, mysql->charset); - my_set_error(mysql, CR_SSL_CONNECTION_ERROR, SQLSTATE_UNKNOWN, ssl_error); + my_set_error(mysql, CR_SSL_CONNECTION_ERROR, SQLSTATE_UNKNOWN, + ER(CR_SSL_CONNECTION_ERROR), ssl_error); DBUG_VOID_RETURN; } @@ -226,8 +228,9 @@ static int my_ssl_set_certs(SSL *ssl) /* set cert */ if (mysql->options.ssl_cert && mysql->options.ssl_cert[0] != 0) { - if ((SSL_CTX_use_certificate_chain_file(SSL_context, mysql->options.ssl_cert) != 1) && - (SSL_use_certificate_file(ssl, mysql->options.ssl_cert, SSL_FILETYPE_PEM) != 1)) + if (SSL_CTX_use_certificate_chain_file(SSL_context, mysql->options.ssl_cert) != 1) + goto error; + if (SSL_use_certificate_file(ssl, mysql->options.ssl_cert, SSL_FILETYPE_PEM) != 1) goto error; have_cert= 1; } @@ -250,6 +253,26 @@ static int my_ssl_set_certs(SSL *ssl) if (SSL_CTX_set_default_verify_paths(SSL_context) == 0) goto error; } + + if (mysql->options.ssl_ca || mysql->options.ssl_capath) + { + X509_STORE *certstore; + + if ((certstore= SSL_CTX_get_cert_store(SSL_context))) + { + if (X509_STORE_load_locations(certstore, mysql->options.ssl_ca, + mysql->options.ssl_capath) == 1) + { +#ifdef X509_V_FLAG_CRL_CHECK + X509_STORE_set_flags(certstore, X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL); +#else + my_set_error(mysql, CR_SSL_CONNECTION_ERROR, SQLSTATE_UNKNOWN, "OpenSSL library doesn't support CRL certificates"); + DBUG_RETURN(1); +#endif + } + } + } + DBUG_RETURN(0); error: @@ -259,8 +282,21 @@ error: static int my_verify_callback(int ok, X509_STORE_CTX *ctx) { - /* since we don't have access to the mysql structure, we just return */ - return ok; + X509 *check_cert; + DBUG_ENTER("my_verify_callback"); + + if (!ok) + { + uint depth; + if (!(check_cert= X509_STORE_CTX_get_current_cert(ctx))) + DBUG_RETURN(0); + depth= X509_STORE_CTX_get_error_depth(ctx); + DBUG_PRINT("info", ("error_depth=%d", depth)); + if (depth == 0) + DBUG_RETURN(1); + } + DBUG_PRINT("info", ("ctx->error= %d", ctx->error)); + DBUG_RETURN(1); } /* @@ -291,7 +327,6 @@ SSL *my_ssl_init(MYSQL *mysql) if (!SSL_set_app_data(ssl, mysql)) goto error; - if (my_ssl_set_certs(ssl)) goto error; @@ -340,6 +375,7 @@ int my_ssl_connect(SSL *ssl) if (SSL_connect(ssl) != 1) { + printf("connect failed\n"); my_SSL_error(mysql); /* restore blocking mode */ if (!blocking) diff --git a/libmariadb/my_auth.c b/libmariadb/my_auth.c index 361f611d..24ce6f0b 100644 --- a/libmariadb/my_auth.c +++ b/libmariadb/my_auth.c @@ -6,7 +6,7 @@ #include #include #ifdef HAVE_OPENSSL -#include +#include #endif typedef struct st_mysql_client_plugin_AUTHENTICATION auth_plugin_t; diff --git a/libmariadb/violite.c b/libmariadb/violite.c index ed15fe35..3f95d98d 100644 --- a/libmariadb/violite.c +++ b/libmariadb/violite.c @@ -42,7 +42,7 @@ #endif #ifdef HAVE_OPENSSL -#include +#include #endif #ifdef _WIN32 diff --git a/unittest/libmariadb/certs/ca-cert.pem b/unittest/libmariadb/certs/ca-cert.pem new file mode 100644 index 00000000..b8155583 --- /dev/null +++ b/unittest/libmariadb/certs/ca-cert.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDXTCCAkWgAwIBAgIJAKJqUreNtr3EMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQwHhcNMTIxMjAxMTExMjA3WhcNMjIxMDEwMTExMjA3WjBF +MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50 +ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB +CgKCAQEAyMo3pYxaOc0dtWXBm3yzFdZ5E2YJBB0P/ZOoaDECZrVnHPL4jb3yqpNn +sZ576IDgw3+4bY/RFbUBLnx2oz0XMgwxwQ+rNxxi2jWnBuezd3CLS64vgmS4Ftdv ++ikLsdw8hYTzNYwV3xK5iQnHj4WCeUw+ATucbCXlDeeCynfpMk/RWxE218R5UOjg +0JfqPtKfZMADzhoE3cEM5xWvPaQOSaBQXsVfziRCsj+2GdRjUZpChIlHLV99looT +T4oL1N8cfWG6I0ATje3a5y4yrxeDCoGEbvJcvD9xLciLmHJ9fTuzECw40+X8BUaL +2fEUymvtYjcvj0iRYGa4GkaETS7jDQIDAQABo1AwTjAdBgNVHQ4EFgQUUk+4Eg7w +xG/VQ7r2GdDVnKBMB28wHwYDVR0jBBgwFoAUUk+4Eg7wxG/VQ7r2GdDVnKBMB28w +DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAvxPUK88FFPpjcnM6k9v/ +XdEb4xgivcdTxQD5QH9A9lQZWnaMd+7dWGoeLgwP3/N/b7gV6BgAJt73aWa7AkMV +SKi10qk7IOs2DXlNuFzs1uy7ziBWrftUp5cTIDjZ8B5jZ23vUjkQfMivi9dnhVwp +UUjhh0gjoxYtvP8VJzz7FEMtHNEiwQsQ7G/at4T2xTWR4TlYXdvzE+5x1JdMYoed +vO4sihtZ2REZrXasvwpA2TofTTvOWGiU28SqV0AFh3Kz64WnRuJBkTR3zK5iTQvy +Zc7Loz5yZC+5ebn1hG2yjjpjJUfcEdv2i85hQQBjZarC6ibfptrgeO/bAQEU8ppV +kA== +-----END CERTIFICATE----- diff --git a/unittest/libmariadb/certs/ca-key.pem b/unittest/libmariadb/certs/ca-key.pem new file mode 100644 index 00000000..af32267c --- /dev/null +++ b/unittest/libmariadb/certs/ca-key.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAyMo3pYxaOc0dtWXBm3yzFdZ5E2YJBB0P/ZOoaDECZrVnHPL4 +jb3yqpNnsZ576IDgw3+4bY/RFbUBLnx2oz0XMgwxwQ+rNxxi2jWnBuezd3CLS64v +gmS4Ftdv+ikLsdw8hYTzNYwV3xK5iQnHj4WCeUw+ATucbCXlDeeCynfpMk/RWxE2 +18R5UOjg0JfqPtKfZMADzhoE3cEM5xWvPaQOSaBQXsVfziRCsj+2GdRjUZpChIlH +LV99looTT4oL1N8cfWG6I0ATje3a5y4yrxeDCoGEbvJcvD9xLciLmHJ9fTuzECw4 +0+X8BUaL2fEUymvtYjcvj0iRYGa4GkaETS7jDQIDAQABAoIBACeVdhL08HSks06n +mNuGYefUOFpSq0RcVmKvUWv4/XgyGvniDI4k/EoUdUTW8aaMgcMI0tsGlzmoTWtU +ri7QRFphfQ2KgT6EIhjSqvL5iq/pSAzLciJKqOAX6MNwhBW0TVolM61CyK0Ji/ow +K19n+qjfFvo3Pkcz0UxEb8xqh1abfCgjaJnnjj0JlUO+xqNNRh3Gm6M2BrmrNhuR +l4fRr/moOrK+uMD1PCHJcx5zlWSX4FBjF52iD8divsD6vM10dBiyamNc3WrBHiWN +cp7ARtRcMS2k1XrUTAv69ltAll1BPzHQ7yC/HpJq4QBxoDRPPftsiRB9izC5MyDt +HdqArgECgYEA8ByToWHP+Ao+tw/xH26yRz1d/1pe7hq+qB13LEyvDZe4wd1smuv/ +3VkNG/43yEYaLy3VxwKhxePrFL5WasLpB1dAmGIwio1hb2LldBlZp6HoW1u8MNYL +grC/3TLp1hQP2WT/yKuuqwKW+ebRpov2oTV7HmO7g+eKUDZOEjhPS90CgYEA1hOK +udBOEAGOYKa7086fSTFvJWMNy3lDEmJuvMVXcaYroaBjKWM2XZnCwKDymj+0mtzl +HY6SVgZEM+mfdm0U9kuRdQSaOCrmmLg0nBqta2fng939hSY1ED8TGMt6rDWA4lOD +SPiJwdeKkZEb7jSkLBojfNwpv/4+IfGZC18+2PECgYBIwjAOIAiX/erBKCiFwNJu ++e6I2UaY2ivZ34vkNZx5/vaycDlfvJG87iYlzGP04SFAGKCF/Isu3wC2OXMQSN26 +JrthMafJ5EuZKBulkaT0QgCZ5nNhTQsR4CNTkQEAqPWgh5Vmpnd4RIGhWks/L3xd +n0oejFQfBUOJSNthdAS7VQKBgHRl974Epw1I61NeFS6bYDx55ocbjrqd2nw6jR+S +5XLj+UFOZdxxF3RZUG1QldiM3vR9Ow6RILwpeBgJ5SyNLyKkABjyQbBckzlinyhp +0PVfb6BhqaEmHyAQS5/ls3PDO6rT4cRhbvW47p0rm1YvxTw9kiIny4ObB8mJBcAL +L67hAoGAIg00eMX2tqaY772vho2Q8ba2OT8ZvhGxRd2+eIB8LbK7Nh119+4O37zr +sHEq7QD15i34PM/dI9fbxFXi9cFFsxdwE5b4stTx/ZPdz5og05FCTyBX88L1FzLc +ZPEDbdYcajXSJSeGtbwilNKDtqLx62ANPRvrACZSKYWdfYRwBgw= +-----END RSA PRIVATE KEY----- diff --git a/unittest/libmariadb/ca.pem b/unittest/libmariadb/certs/ca.pem similarity index 100% rename from unittest/libmariadb/ca.pem rename to unittest/libmariadb/certs/ca.pem diff --git a/unittest/libmariadb/certs/client-cert.pem b/unittest/libmariadb/certs/client-cert.pem new file mode 100644 index 00000000..619611a3 --- /dev/null +++ b/unittest/libmariadb/certs/client-cert.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDGTCCAgECAQEwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQVUxEzARBgNV +BAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0 +ZDAeFw0xMjEyMDExMTE5NTBaFw0yMjExMjkxMTE5NTBaMGAxCzAJBgNVBAYTAkFV +MRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRz +IFB0eSBMdGQxGTAXBgNVBAMMEGNsaWVudC5sb2NhbGhvc3QwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQCfq0vKNGpEXPHiISQu0sLoIJ81eHzJyKUEHo+z +TKOqo+mHnH7Zvrx7ABr8cELdCKDJzhAn5hc1kEKnPNoaZK8gja5XoCx/cTIda7D6 +/OKYUd+K39R+QV3HgBS4C/AG2djPcV1aoy7c7PQQrEtjovu/OEqJfgKyaN0N1AC0 +mgP8hydX6P49WVs/TTguvqd7S19lhS1FzlKcfM5o7tnsSqLSYyZ+UebJN1O6WAQY +B5MPx3KLUu7Ze/auGwc4NvVTrRmN00Y2z98OynmlVzazUkt0L37Ya8ojxMkUMBon ++gMKo6VaXGPlrteD+fs37O64Hhpb31zsoEtK3+0cgCChGl3FAgMBAAEwDQYJKoZI +hvcNAQEFBQADggEBAC3l+GCH29tKQlY+zyo8CdX0n0LKwKNJKFuxOBWEYG6WHcId +lE99faUlFF2XvN32MN+tFU9VXoxNm0BCOiMu3O9HcqWp3Bfzu36tNbQlBrpcVGYQ +Zq2zAEbWvNoQjVkDAHIRrbGJ9dv3a+ev7O0sjA1BxdfrWhhl4uyfWb3XCSG+0qeb +1S/PmYq+HzGNkmgMlRBZX0Bu+wwTBEreSCaieZrNqJUsLzIxjR+8m7YM6I7U0Ihi +PEGmzMFz70OBeMVc/4h7jzcMMvHRhHNSMnUVsXxhxHl6EW29Uha66nf9zd3A9b1g +/q8S27ufXMLGIPP+6PCRqiF792Kq9OTn67Iq7Tw= +-----END CERTIFICATE----- diff --git a/unittest/libmariadb/certs/client-key.pem b/unittest/libmariadb/certs/client-key.pem new file mode 100644 index 00000000..b1ba2ca0 --- /dev/null +++ b/unittest/libmariadb/certs/client-key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCfq0vKNGpEXPHi +ISQu0sLoIJ81eHzJyKUEHo+zTKOqo+mHnH7Zvrx7ABr8cELdCKDJzhAn5hc1kEKn +PNoaZK8gja5XoCx/cTIda7D6/OKYUd+K39R+QV3HgBS4C/AG2djPcV1aoy7c7PQQ +rEtjovu/OEqJfgKyaN0N1AC0mgP8hydX6P49WVs/TTguvqd7S19lhS1FzlKcfM5o +7tnsSqLSYyZ+UebJN1O6WAQYB5MPx3KLUu7Ze/auGwc4NvVTrRmN00Y2z98Oynml +VzazUkt0L37Ya8ojxMkUMBon+gMKo6VaXGPlrteD+fs37O64Hhpb31zsoEtK3+0c +gCChGl3FAgMBAAECggEBAIGbfIQAlBo2ECpsmIBhmNDwWgv/Z9wrwLddT2xN07Ta +JOBtyhJaX4jAhydOwRfGvy3Q1RBuF3zlQxWZsbkm7XlRSKncXQJ+Eh4Lore5uv3F +x91k34o06Tjd4POczRPilbmd3heKyqmOtncqRG/2hr+ro+WDohDMSlPFOWVgd8ft +bP/CcNqQ4J/FqbItQPxXK6dJkFL8BR66SlslEX38bmUK+/9EGTiAttye4BXhZ6Pu +sr9g0A24fYOiHZ6CFawnFDzTZzMXyRpQnXZi0isakgvXq4i8FeSI+p5zQGle2LE1 +f2u+QnMOiymAbrXLhLKWrJMS207IQmzFvc3YOumQhKkCgYEA1Jj0999ks42/NPk3 +UWzUZRlOCpUbRb+Olo0DfWPR8KhjQYV8B3Sqc3Ao4NZzhGZecJDYWTlNMGiCIGIR +vrtFW8huL5fOE/XZqkrVShXvK/Zhs73EqWnYCRP2i4E3E6RvB5MniRHeRZ0l9FiH +qh+kp9z8OLZ6J7IrXQyWClSt1/sCgYEAwEQhCQwhUPb74zL0UUjk1LZPJAQJHvaD +3PWIYX6FKtjjUIOcCXGgQM6C9omXOdv+mMryKTkpCEt4TrDN1Q9vvMBYAjcHlhhi +QQ041+dFNGwsXa6e24Ei8v5qgzR5mzvAVL3381WfyF22Bsjw0dfVwlTZvI7oUMmu +5pthuYKt9T8CgYBVfz3lAV4KJ5MhxqfMgyvXjJmp/9T789FwEj25C4++bLmd/ASp +Ku3xhsWpxhSmxlRsiJO5LiYwtZa/VzEztzRpeO13DmG9/T0QExA7vx50W51nH4Yb +a4mJ/RFFgS2ZJKPSNAfOQ/VToaNF5OSKMjeRmnmEhT4TAMAXp5wfg3Z2SQKBgFna +fSXhSWCxTJ6tnYivbGIMoYfPawPRaWbGSOpnWozft7xVBYNUWvRujr3xJ3+e1KlL +j0i8sfRycNM1xbwg7rNjoL3IQf9ffeuw5jPgnXMWatWNWihzfYXaaKTQzVRC5Gu2 +LD7IcVgOk5cwKXuoRvn+9ZMtply7JMYZL96mt+25AoGBAMnJmRAzIONjtsYAhjvu +SEur63oM2qXTsjMLbVK+jgGww8D7ESPZI2Hr3h9SoyQGebJZXmLbzk0qi3yVVamx +fHCyORgEh7qVSkUqnxVB0nTacbqdKpGUpNDEPyw4+Yad1wTUxMWcii0V3s5K84v/ +zVLsxtDOT8M6Z57mZXUzKaTT +-----END PRIVATE KEY----- diff --git a/unittest/libmariadb/certs/client-req.pem b/unittest/libmariadb/certs/client-req.pem new file mode 100644 index 00000000..1d646e1c --- /dev/null +++ b/unittest/libmariadb/certs/client-req.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICpTCCAY0CAQAwYDELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx +ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEZMBcGA1UEAwwQY2xp +ZW50LmxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ+r +S8o0akRc8eIhJC7SwuggnzV4fMnIpQQej7NMo6qj6Yecftm+vHsAGvxwQt0IoMnO +ECfmFzWQQqc82hpkryCNrlegLH9xMh1rsPr84phR34rf1H5BXceAFLgL8AbZ2M9x +XVqjLtzs9BCsS2Oi+784Sol+ArJo3Q3UALSaA/yHJ1fo/j1ZWz9NOC6+p3tLX2WF +LUXOUpx8zmju2exKotJjJn5R5sk3U7pYBBgHkw/HcotS7tl79q4bBzg29VOtGY3T +RjbP3w7KeaVXNrNSS3QvfthryiPEyRQwGif6AwqjpVpcY+Wu14P5+zfs7rgeGlvf +XOygS0rf7RyAIKEaXcUCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4IBAQBOs8sFu+Lh +8wuC1QJ6Wqx4tSjVOsFlu6WQpaZ0fiYb9RpK1V//2sUGTX7SRiKOJE7/zh+Ehu5m +DsIEo5Ptu/JasYbBp3BeRSVVlyLGITvOGpUapUnOebvp+it/v9kjGW33vG2t3+j4 +LihduPz6xz1GacCVNU3iQQGCE/I0tv3nSu/E0zTR4EvBneKFeV5ox63Cor9g7kQM +80Pv39YDv/Tc/JWmkZsILxWbzLyIuzyHiPTJMsz5P0GAIxPBl0PiTCaJuXkgIhIh +HIblZuW4I1gqGgAkZBS/iAxwV9VjZkldcc76qOkSfQIqQoTUn5UvDCvTmfAHHQuH +eu7XCpo8W7lx +-----END CERTIFICATE REQUEST----- diff --git a/unittest/libmariadb/certs/server-cert.pem b/unittest/libmariadb/certs/server-cert.pem new file mode 100644 index 00000000..c732ab5e --- /dev/null +++ b/unittest/libmariadb/certs/server-cert.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDGTCCAgECAQEwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQVUxEzARBgNV +BAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0 +ZDAeFw0xMjEyMDExMTE0NDBaFw0yMjExMjkxMTE0NDBaMGAxCzAJBgNVBAYTAkFV +MRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRz +IFB0eSBMdGQxGTAXBgNVBAMMEHNlcnZlci5sb2NhbGhvc3QwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQDJF13NPPgprDQC4BSo+f4cSzS4j46n+TEAaCu0 +m+Bw0HSGr6MAXIn7EUr3VYx8zKI74/HG1HYBS8dPT0p3Hc8qcvsMtcujKyGIsOYc +bUtpCkZMYhChIMMA/AAO+wlyonaSUYYUmTlDCsbcolq9cjQnQtlXGSPkDzVJCJng +h4jeKZZ9LiVvWEblEu4YrAEnquErdalPmNeJ2LgqMG4pewJuXqtu98ue1Je28MnV +S/NrRPPtemsZcFcJlQLoGw/gtZRWQ0gM+hHaqc6xVrHmKJSyGURUwORSlKvX/lIn +58ZtDyS7bI1W1DtMZ2/UFxNTdmCoC6SF/fj/DGuzbiKErGa5AgMBAAEwDQYJKoZI +hvcNAQEFBQADggEBAFCKctZQ2cmR+AmESpzJl6EZspCKtd2gUsla531OrKnUWfYU +FcuZ+DEffnp4jQXtnVqO4mkBjVW5Etr5XF8r3Lm2cVTHkt/IfVjT5LcEdUdFzm4Q +UQHkAikc6pkz60guVXyi4SDkhjKyO/2K0HgwG1ndj+uAuatskAdybmS/OqvelRSL +lw72tND+Fy3RNwdf/cmmbDMGxfZO2LB/LRL1Yknn6CtHuCAWWwdUx7VkpRcjIpsI +X/CcvRgab8rCv/EZtBuhI2bunQ7MkAv4B93Y0o9t7H0mFTywrqj33e6iG/fS+dkK +2l0qvPpJ1YPqjuw0IGVujykdsGBXvXqbtxnGWMY= +-----END CERTIFICATE----- diff --git a/unittest/libmariadb/certs/server-key.pem b/unittest/libmariadb/certs/server-key.pem new file mode 100644 index 00000000..066a827e --- /dev/null +++ b/unittest/libmariadb/certs/server-key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDJF13NPPgprDQC +4BSo+f4cSzS4j46n+TEAaCu0m+Bw0HSGr6MAXIn7EUr3VYx8zKI74/HG1HYBS8dP +T0p3Hc8qcvsMtcujKyGIsOYcbUtpCkZMYhChIMMA/AAO+wlyonaSUYYUmTlDCsbc +olq9cjQnQtlXGSPkDzVJCJngh4jeKZZ9LiVvWEblEu4YrAEnquErdalPmNeJ2Lgq +MG4pewJuXqtu98ue1Je28MnVS/NrRPPtemsZcFcJlQLoGw/gtZRWQ0gM+hHaqc6x +VrHmKJSyGURUwORSlKvX/lIn58ZtDyS7bI1W1DtMZ2/UFxNTdmCoC6SF/fj/DGuz +biKErGa5AgMBAAECggEBAIHC1ELGHxU1C/L3Ch3oA7PaS9D0wgdeY+JxVhKbq37g +5PCskbCABoG+rPNhfuBhZCbldnTpUKSRc7GX5uNqlu47eAjBnwBRqrf7/uFFHa5Q +dQCBH136OBuAgcEo+PXCJGVSugS8wxih8aUaFxe8hC75kioEDQbzUV0pcbJTg1xn +sLIEfIeNwHMemLtpN4n+GpJ8j19GLqaUDcjPM5ZRUs4yDvv1FZeGXjHijyZLP11h +rJLVrvmhqUoEG/ZdkqYKPrOG5qpOnkn/i9WPoUrahtWb6kKsZUjPoBCKqCqq/0kT +0WRI7Qgz13wPpbsVL8gQU9PgUM9MyNKH7yqGZnTmHiECgYEA61CvZD26tciutQfq +s0N8k20vQpX0uelDxsYBI9Acxt7LNWEIeiZLhrGKMSWsg0v541RKjiewzDcVOfQb +qA7wPC/IWfc1F/1gK3yg025IRgXhcuoWVd9jm7ob/czzxQIA8ew2fsDgqlYwkqPb +661TdEnctjYt29nqAQkayDdW8DUCgYEA2sSJzhAsscIE94TMw4O0C4PaOiYMfVb0 +oi7S4E7OLZ3bXm8OSlYRPxL66VxyNW+2g4BwXqMrsxd5x7QHGXEaqDPP8YEEOxrK +pkMiCfDvGpN0dlIobpPNVVGTfDcY/go3y30ZsdcX4G6S9lqsGEDo/hdVPrpeOULp +rG1Yimgu9PUCgYEAwUXwCOE6rXw7Iq1x8/MGKwCOxJ3t95TD+ks/PG7+c8kiFqGw +GMPDXMoNuvg6jUyl3jWpVsD60YCcipEY9hvu7UBBysLkdOPDTXR7k60M55aE6aGi +3r0wTwO5YegogDN5GzrsN4er/7vzAT5cr2IZHXZdNbuiRuTg8iDMQo5RddECgYEA +n+hJUnZANS68srA/fCoo0MHwIdDuEDAfYO0Y9xyjWHSqhLxola2TracSAMGyOZ0O +q9CWUpayupXOTkspZU9nTMuSk9TaYtmShzVLDDkwjRx7ZIFpTGp9DIA0bfdYLVkK +r5Mh1PyEV2h7w9dDM/c+V3x2swNHHFPsujyzG3hL2oECgYBgi1w63a/cfkQACVRt +tjy1ZtP50sRaSlXXC5Txh9u6AoO0k13V1+POo3LikYHfZRRrLTtMUrPVPAdD5H3v +rQ11p7gVgzw7ikMEi4hNw2ueX6UXzVSxAyeLGdG71QToqXPwK1tH/AOnD5g6hYAS +kXsNUaCkLeNkkbcWxXPY2HE6MA== +-----END PRIVATE KEY----- diff --git a/unittest/libmariadb/certs/server-req.pem b/unittest/libmariadb/certs/server-req.pem new file mode 100644 index 00000000..2356625f --- /dev/null +++ b/unittest/libmariadb/certs/server-req.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICpTCCAY0CAQAwYDELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx +ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEZMBcGA1UEAwwQc2Vy +dmVyLmxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMkX +Xc08+CmsNALgFKj5/hxLNLiPjqf5MQBoK7Sb4HDQdIavowBcifsRSvdVjHzMojvj +8cbUdgFLx09PSncdzypy+wy1y6MrIYiw5hxtS2kKRkxiEKEgwwD8AA77CXKidpJR +hhSZOUMKxtyiWr1yNCdC2VcZI+QPNUkImeCHiN4pln0uJW9YRuUS7hisASeq4St1 +qU+Y14nYuCowbil7Am5eq273y57Ul7bwydVL82tE8+16axlwVwmVAugbD+C1lFZD +SAz6EdqpzrFWseYolLIZRFTA5FKUq9f+Uifnxm0PJLtsjVbUO0xnb9QXE1N2YKgL +pIX9+P8Ma7NuIoSsZrkCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4IBAQB+Ctji5m7b +v/IYBSvvMIhWRDcQIQ/+3pzwtPRH8wb2iB6kYLFirC8vPYn320Dvva4MRp1DPzvP +egQduKFO0ic36DvDvKooSKVvCSoS/LGhH/jFFTbFmp7aJF0raqBU8HIg38eJ0KPv +smVND9uQ+Cibdzn6f3EX/a0c3FRtEtu5cYkJ1B7dksKr1guaobUOxQ4ti4mm4vkG +ll6VHdSMlHTsFLE3cqL7C+0g8f1cJYKyyXtx/43mzdYyOzHptndjmXfitATxw9Zy +hCXJtvgwbQdGA8ZiCeB6BxNfbD4Bhm2G0k59Vv942IunQUShWwDXTlSXz7DFRs/h +lDL64qSmNvdm +-----END CERTIFICATE REQUEST----- diff --git a/unittest/libmariadb/ssl.c b/unittest/libmariadb/ssl.c index ad2ffc0e..4dc8d92e 100644 --- a/unittest/libmariadb/ssl.c +++ b/unittest/libmariadb/ssl.c @@ -74,7 +74,7 @@ static int test_ssl_cipher(MYSQL *unused) my= mysql_init(NULL); FAIL_IF(!my, "mysql_init() failed"); - mysql_ssl_set(my,0, 0, "./ca.pem", 0, 0); + mysql_ssl_set(my,0, 0, "./certs/ca.pem", 0, 0); FAIL_IF(!mysql_real_connect(my, hostname, username, password, schema, port, socketname, 0), mysql_error(my)); @@ -115,7 +115,7 @@ static int test_multi_ssl_connections(MYSQL *unused) mysql[i]= mysql_init(NULL); FAIL_IF(!mysql[i],"mysql_init() failed"); - mysql_ssl_set(mysql[i], 0, 0, "./ca.pem", 0, 0); + mysql_ssl_set(mysql[i], 0, 0, "./certs/ca.pem", 0, 0); FAIL_IF(!mysql_real_connect(mysql[i], hostname, username, password, schema, port, socketname, 0), mysql_error(mysql[i])); @@ -154,7 +154,7 @@ static void ssl_thread(void) mysql_thread_end(); pthread_exit(-1); } - mysql_ssl_set(mysql, 0, 0, "./ca.pem", 0, 0); + mysql_ssl_set(mysql, 0, 0, "./certs/ca.pem", 0, 0); if(!mysql_real_connect(mysql, hostname, username, password, schema, port, socketname, 0)) @@ -213,8 +213,31 @@ static int test_ssl_threads(MYSQL *mysql) } #endif +static int test_phpbug51647(MYSQL *my) +{ + int rc; + MYSQL* mysql; + + if (check_skip_ssl()) + return SKIP; + + mysql= mysql_init(NULL); + FAIL_IF(!mysql, "Can't allocate memory"); + + mysql_ssl_set(mysql, "certs/client-key.pem", "certs/client-cert.pem", "certs/ca-cert.pem", 0, 0); + + FAIL_IF(!mysql_real_connect(mysql, hostname, username, password, schema, + port, socketname, 0), mysql_error(mysql)); + diag("%s", mysql_get_ssl_cipher(mysql)); + mysql_close(mysql); + + return OK; +} + + struct my_tests_st my_tests[] = { {"test_ssl", test_ssl, TEST_CONNECTION_NEW, 0, NULL, NULL}, + {"test_phpbug51647", test_phpbug51647, TEST_CONNECTION_NONE, 0, NULL, NULL}, {"test_ssl_cipher", test_ssl_cipher, TEST_CONNECTION_NONE, 0, NULL, NULL}, {"test_multi_ssl_connections", test_multi_ssl_connections, TEST_CONNECTION_NONE, 0, NULL, NULL}, #ifndef WIN32